· 3 min read

Mozilla Firefox joins Google Chrome in Rejecting Entrust SSL Certificates

Mozilla Firefox joins Google Chrome in Rejecting Entrust SSL Certificates

Mozilla Firefox joins Google Chrome in Rejecting Entrust SSL Certificates

Mozilla Firefox joins Google Chrome in Rejecting Entrust SSL/TLS Certificates

Following Google Chrome’s decision earlier this year to distrust Entrust’s SSL/TLS Certificates, Mozilla Firefox has reached a verdict that it too, will no longer accept Entrust’s root certificates in Firefox from November 30th, 2024.

Entrust’s Market Share

Several sources indicate that Entrust has only a small share of the certificate market, which is true when assessing random samples of millions of websites. However, it is clear that Entrust has a large share of the enterprise market, with 10% of the Fortune 500 utilizing their certificates to protect their main website. What does this mean for Entrust’s users? With Google setting a revocation date for October 31st, and Mozilla Firefox, November 30th, enterprises will not have long to make a decision. Even before Mozilla’s decision, Entrust released a press statement with SSL.com, announcing that their new joint setup would allow for a “seamless transition”. This is good news then, for Entrust, but the announcements begs the question of the big picture market share for SSL/TLS Certificates.

The Rise of Automated, Free, SSL/TLS Certificates

SSL/TLS Certificate competitors have been feeling the squeeze over the last 10 years with the rise of “Let’s Encrypt”, which supports free and automated SSL/TLS certificates to encrypt the internet. Let’s Encrypt now secures over 13% of the Fortune 500, and over half of the world’s websites, including this one. Despite competitors offering certificates including Organizational Validation (OV) and Extended Validation (EV), EV has been sidelined for a few years now, and verification requires some technical know-how by the user to accurately verify the company against potential imposters. Sponsored by Google, Amazon Web Services (AWS), Meta (Facebook), Cisco, Akamai, IBM, and many others, Let’s Encrypt will likely continue to grow well beyond its 50% market share.

What about BIMI?

Brand Indicators for Message Identification allows companies to incorporate a verified trademark logo next to the subject line in a user’s inbox, improving professional appearance, with the aim of decreasing phishing risk. To this day, only two certification authorities are able to issue BIMI-grade certificates, DigiCert, and Entrust. It is as of yet unclear as to whether these certificates of Entrust will also be distrusted in the future, but it throws the future of BIMI into peril, with only 5% of the Fortune 500 having adopted it, adoption may be further stalled should DigiCert become the sole provider of such certificates. As of right now, of the 5% of the Fortune 500 that have adopted BIMI, the market is split 50-50 between Entrust and DigiCert. Such standards typically receive high levels of adoption, when multiple providers of the service exist, for example, the 100+ root certificates trusted by browsers.

    Share:
    Back to Blog

    Related Posts

    View All Posts »
    Anti Spam Laws Around the World

    Anti Spam Laws Around the World

    Spam, unsolicited electronic communication, has become a global issue that affects individuals, businesses, and governments alike. Various countries have developed anti-spam laws to protect consumers from unwanted emails, messages, and other forms of digital marketing. These laws vary by region, but they generally focus on requiring consent from recipients, providing clear opt-out mechanisms, and penalizing violators with hefty fines. Below is an overview of key anti-spam regulations from the United States, Canada, New Zealand, Australia, Ireland, and the United Kingdom.

    What is Risk Reductin in Cyber Security - 50 Ways to Reduce Risk

    What is Risk Reductin in Cyber Security - 50 Ways to Reduce Risk

    Explore the essentials of risk reduction in cyber security and learn how to proactively protect your organization. Uncover strategies for minimizing vulnerabilities, strengthening defenses, and implementing best practices to lower potential cyber threats and ensure robust digital security.

    What is Risk Transfer in Cyber Security - 40 Ways to Transfer Risk

    What is Risk Transfer in Cyber Security - 40 Ways to Transfer Risk

    Discover how risk transfer in cyber security can safeguard your organization. Learn about strategies to mitigate potential cyber threats by shifting liability, utilizing insurance, and partnering with third-party experts. Explore effective ways to protect your digital assets.